Behavior based network traffic analysis tool

Pattern matching systems are mainly based on network models, which are formed from detailed analysis of user statistics and network traffic. These models are used in developing traffic analysis tools. This paper focuses on development of a behavior analysis tool on any operating system and its use on detecting internal active/passive attacks. Many kinds of tools and firewalls are in market to help network administrator to prevent intrusion from outside network, but very few tools to stop attacks from internal part of the network. This tool provides a way to detect any unusual behavior by a legitimate user in a network. It uses packet sniffer like Wireshark to record log traffic over a network. Furthermore, behavioral analysis is carried in two phases. In the first phase, Wireshark records the user´s interaction with the network for a period of time and is stored in database. In second phase, current activity is compared to the past activity and notifies any new behavior to network administrator. This tool adds an additional layer of security along with the intrusion detection systems available from any network attacks. Many additional features can be incorporated in this tool for future enhancement.